Disable only Hostname verification of proxied HTTPS server certificate

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Disable only Hostname verification of proxied HTTPS server certificate

ramirezc
Is there any way where we can configure nginx to only verify the root of the
proxied HTTPS server (upstream server) certificate and to skip the host name
(or domain name) verification?

As I understand, proxy_ssl_verify directive can be used to completely
enable/disable the verification of proxied HTTPS server certificate but not
selectively. Is there any directive to only disable the host name
verification?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286129,286129#msg-286129

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Disable only Hostname verification of proxied HTTPS server certificate

Maxim Dounin
Hello!

On Thu, Nov 07, 2019 at 10:23:20AM -0500, shivramg94 wrote:

> Is there any way where we can configure nginx to only verify the root of the
> proxied HTTPS server (upstream server) certificate and to skip the host name
> (or domain name) verification?
>
> As I understand, proxy_ssl_verify directive can be used to completely
> enable/disable the verification of proxied HTTPS server certificate but not
> selectively. Is there any directive to only disable the host name
> verification?

No.

You can, however, set a particular name to verify, by using the
"proxy_ssl_name" directive.  See http://nginx.org/r/proxy_ssl_name 
for details.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx